From 9a851e23bdd98e50851ca1273d4c5186552d09d7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20F=C3=B6rster?=
Date: Mon, 2 Sep 2024 16:47:24 +0200
Subject: [PATCH] [net-dns/bind] sync with tree, hopefully not breaking anything
---
 net-dns/bind/Manifest | 5 +-
 net-dns/bind/bind-9.18.27.ebuild | 190 ++++++++++++------
 net-dns/bind/files/named.conf-r8 | 166 +++++++++++++++
 .../files/{named.conf-r9 => named.conf.auth} | 2 +-
 net-dns/bind/files/named.confd-r8 | 22 ++
 net-dns/bind/files/named.init-r15 | 170 +++++++++++++++-
 net-dns/bind/metadata.xml | 2 +-
 7 files changed, 486 insertions(+), 71 deletions(-)
 create mode 100644 net-dns/bind/files/named.conf-r8
 rename net-dns/bind/files/{named.conf-r9 => named.conf.auth} (95%)
diff --git a/net-dns/bind/Manifest b/net-dns/bind/Manifest
index 322c9f2..8218d84 100644
--- a/net-dns/bind/Manifest
+++ b/net-dns/bind/Manifest
@@ -1,3 +1,2 @@
-DIST bind-9.18.27.tar.xz 5524000 BLAKE2B 720b1677606c27768af7799f4a36cebcbebea2f4ddf42421bc9cba29d48b8f3bc9616c691c1b7e1897635984d01099ea40c1c7346908aa3652b1347794139e25 SHA512 d0c89821fef38e531d65b465adeb5946589775e6a4d5e2068e969f1106c961d3b202af19247b9e20f9fbde645be10d610478edf89ed0d83b39d38fb4353c693a
-DIST bind-9.18.27.tar.xz.asc 833 BLAKE2B 8621991724e19b0b987cf82c8d6bbf31ef2440c9e133d06925c982f60d69587770dc4560c34050243da0bbe59d8180bdc910ca661cec9a0cd11d525ef4110fa2 SHA512 0da73d14dd8db8e55fcfe47e597fe242f7889b64e3cb383e24f90bed95b13cf38771cf7513bf621e308e5a6d10d83ae333ddd09f266fa7b1bd031192ec698404
-DIST dyndns-samples.tbz2 22866 BLAKE2B 409890653c6536cb9c0e3ba809d2bfde0e0ae73a2a101b4f229b46c01568466bc022bbbc37712171adbd08c572733e93630feab95a0fcd1ac50a7d37da1d1108 SHA512 83b0bf99f8e9ff709e8e9336d8c5231b98a4b5f0c60c10792f34931e32cc638d261967dfa5a83151ec3740977d94ddd6e21e9ce91267b3e279b88affdbc18cac
+DIST bind-9.18.29.tar.xz 5562720 BLAKE2B f3e7de6936362bcce4993e401ed8fdd9d597459e82ad908a918fff1da619f91ef4896595ea210b43f2b492d763d7be2b71105495858da55431b60874c7fd2312 SHA512 6c2676e2e2cb90f3bd73afb367813c54d1c961e12df1e12e41b9d0ee5a1d5cdf368d81410469753eaef37e43358b56796f078f3b2f20c3b247c4bef91d56c716
+DIST bind-9.18.29.tar.xz.asc 833 BLAKE2B afb127b5431f5e05eb1849335a692bf3a072bfc6182a8052316728a11f2f63f9f3c67a820a1d75f8d4cf3fe50e142f286f06f5392378bb64854402d3496061aa SHA512 6612c7151c4c1736e0237b8219cefbafbc1dcd4b04ad9b12b99cba703e6debde90d2f9838dd1465a47b9a002a598d9b8f3221dfe1a3bdc41436a92e6d06db472
diff --git a/net-dns/bind/bind-9.18.27.ebuild b/net-dns/bind/bind-9.18.27.ebuild
index 680313c..67294f9 100644
--- a/net-dns/bind/bind-9.18.27.ebuild
+++ b/net-dns/bind/bind-9.18.27.ebuild
@@ -3,73 +3,61 @@ EAPI=8 -PYTHON_COMPAT=( python3_{10..12} ) - VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/isc.asc -inherit python-any-r1 systemd tmpfiles verify-sig +inherit multiprocessing systemd tmpfiles verify-sig MY_PV="${PV/_p/-P}" MY_PV="${MY_PV/_rc/rc}" -MY_P="${PN}-${MY_PV}" - -RRL_PV="${MY_PV}" DESCRIPTION="Berkeley Internet Name Domain - Name Server" -HOMEPAGE="https://www.isc.org/software/bind https://gitlab.isc.org/isc-projects/bind9" +HOMEPAGE="https://www.isc.org/software/bind" SRC_URI=" https://downloads.isc.org/isc/bind9/${PV}/${P}.tar.xz - doc? ( mirror://gentoo/dyndns-samples.tbz2 ) verify-sig? ( https://downloads.isc.org/isc/bind9/${PV}/${P}.tar.xz.asc ) " -S="${WORKDIR}/${MY_P}" +S="${WORKDIR}/${PN}-${MY_PV}" LICENSE="MPL-2.0" SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~x86 ~amd64-linux ~x86-linux" -IUSE="+caps dnsrps dnstap doc doh fixed-rrset idn geoip gssapi lmdb selinux static-libs test xml" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux" +IUSE="+caps dnsrps dnstap doc doh fixed-rrset idn +jemalloc geoip gssapi lmdb selinux static-libs test xml" +RESTRICT="!test? ( test )" -# libuv lower bound should be the highest value seen at -# https://gitlab.isc.org/isc-projects/bind9/-/blob/bind-9.18/lib/isc/netmgr/netmgr.c?ref_type=heads#L203 -# to avoid issues with matching stable/testing, etc DEPEND=" acct-group/named acct-user/named - dev-libs/jemalloc dev-libs/json-c:= - >=dev-libs/libuv-1.42.0:= - sys-libs/zlib + >=dev-libs/libuv-1.37.0:= + sys-libs/zlib:= dev-libs/openssl:=[-bindist(-)] caps? ( >=sys-libs/libcap-2.1.0 ) - dnstap? ( dev-libs/fstrm dev-libs/protobuf-c ) - doh? ( net-libs/nghttp2 ) + dnstap? ( + dev-libs/fstrm + dev-libs/protobuf-c + ) + doh? ( net-libs/nghttp2:= ) geoip? ( dev-libs/libmaxminddb ) gssapi? ( virtual/krb5 ) idn? ( net-dns/libidn2 ) + jemalloc? ( dev-libs/jemalloc:= ) lmdb? 
( dev-db/lmdb ) xml? ( dev-libs/libxml2 ) " - -# optionally for testing dnssec -# dev-python/dnspython[dnssec] -BDEPEND=" - test? ( - ${PYTHON_DEPS} - dev-python/pytest - dev-python/requests - dev-python/requests-toolbelt - dev-python/dnspython - dev-perl/Net-DNS-SEC - dev-util/cmocka - ) -" - -RDEPEND="${DEPEND} +RDEPEND=" + ${DEPEND} selinux? ( sec-policy/selinux-bind ) sys-process/psmisc - !net-dns/bind-tools + !/dev/null; echo ${CHROOT}) + if [[ -n ${CHROOT} ]]; then + elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" + elog "To enable the old behaviour (without using mount) uncomment the" + elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config." + elog "If you decide to use the new/default method, ensure to make backup" + elog "first and merge your existing configs/zones to /etc/bind and" + elog "/var/bind because bind will now mount the needed directories into" + elog "the chroot dir." + fi + + # show only when upgrading to 9.18 + if [[ -n "${REPLACING_VERSIONS}" ]] && ver_test "${REPLACING_VERSIONS}" -lt 9.18; then + elog "As this is a major bind version upgrade, please read:" + elog " https://kb.isc.org/docs/changes-to-be-aware-of-when-moving-from-bind-916-to-918" + elog "for differences in functionality." + elog "" + ewarn "In particular, please note that bind-9.18 does not need a root hints file anymore" + ewarn "and we only ship with one as a stop-gap. If your current configuration specifies a" + ewarn "root hints file - usually called named.cache - bind will not start as it will not be able" + ewarn "to find the specified file. Best practice is to delete the offending lines that" + ewarn "reference named.cache file from your configuration." 
+ fi +} + +pkg_config() { + CHROOT=$(source /etc/conf.d/named; echo ${CHROOT}) + CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT}) + CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP}) + + if [[ -z "${CHROOT}" ]]; then + eerror "This config script is designed to automate setting up" + eerror "a chrooted bind/named. To do so, please first uncomment" + eerror "and set the CHROOT variable in '/etc/conf.d/named'." + die "Unset CHROOT" + fi + + if [[ -d "${CHROOT}" ]]; then + ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" + ewarn "To enable the old behaviour (without using mount) uncomment the" + ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config." + ewarn + ewarn "${CHROOT} already exists... some things might become overridden" + ewarn "press CTRL+C if you don't want to continue" + sleep 10 + fi + + echo; einfo "Setting up the chroot directory..." + + mkdir -m 0750 -p ${CHROOT} || die + mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} || die + mkdir -m 0750 -p ${CHROOT}/etc/bind || die + mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ || die + + chown root:named \ + ${CHROOT} \ + ${CHROOT}/var/{bind,log/named} \ + ${CHROOT}/run/named/ \ + ${CHROOT}/etc/bind \ + || die + + mknod ${CHROOT}/dev/null c 1 3 || die + chmod 0666 ${CHROOT}/dev/null || die + + mknod ${CHROOT}/dev/zero c 1 5 || die + chmod 0666 ${CHROOT}/dev/zero || die + + if [[ "${CHROOT_NOMOUNT:-0}" -ne 0 ]]; then + cp -a /etc/bind ${CHROOT}/etc/ || die + cp -a /var/bind ${CHROOT}/var/ || die + fi + + if [[ "${CHROOT_GEOIP:-0}" -eq 1 ]]; then + if use geoip; then + mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP || die + elif use geoip2; then + mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP2 || die + fi + fi + + elog "You may need to add the following line to your syslog-ng.conf:" + elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };" } 
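Review bot: `SRC_URI` still expands `${P}` to bind-9.18.27 (this file is bind-9.18.27.ebuild), while the Manifest hunk in this patch removes both 9.18.27 DIST entries and adds only 9.18.29 ones, so unless the ebuild is renamed in a step not shown, the tarball and its `.asc` have no digest to be checked against. In `pkg_config`, the script warns that `${CHROOT}` already exists and carries on, but `mknod ${CHROOT}/dev/null c 1 3 || die` then aborts on the node that is already there; `[[ -c "${CHROOT}/dev/null" ]] || mknod "${CHROOT}/dev/null" c 1 3 || die` (same for `dev/zero`) makes a re-run work. `elif use geoip2` queries a flag that the `IUSE` line in this hunk does not declare, which Portage normally treats as an error. Part of this hunk's text is missing from the page, so this covers only the visible lines.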
diff --git a/net-dns/bind/files/named.conf-r8 b/net-dns/bind/files/named.conf-r8
new file mode 100644
index 0000000..39f9be2
--- /dev/null
+++ b/net-dns/bind/files/named.conf-r8
@@ -0,0 +1,166 @@
+/*
+ * Refer to the named.conf(5) and named(8) man pages, and the documentation
+ * in /usr/share/doc/bind-* for more details.
+ * Online versions of the documentation can be found here:
+ * https://kb.isc.org/article/AA-01031
+ *
+ * If you are going to set up an authoritative server, make sure you
+ * understand the hairy details of how DNS works. Even with simple mistakes,
+ * you can break connectivity for affected parties, or cause huge amounts of
+ * useless Internet traffic.
+ */
+
+acl "xfer" {
+ /* Deny transfers by default except for the listed hosts.
+ * If we have other name servers, place them here.
+ */
+ none;
+};
+
+/*
+ * You might put in here some ips which are allowed to use the cache or
+ * recursive queries
+ */
+acl "trusted" {
+ 127.0.0.0/8;
+ ::1/128;
+};
+
+options {
+ directory "/var/bind";
+ pid-file "/run/named/named.pid";
+
+ /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
+ //bindkeys-file "/etc/bind/bind.keys";
+
+ listen-on-v6 { ::1; };
+ listen-on { 127.0.0.1; };
+
+ allow-query {
+ /*
+ * Accept queries from our "trusted" ACL. We will
+ * allow anyone to query our master zones below.
+ * This prevents us from becoming a free DNS server
+ * to the masses.
+ */
+ trusted;
+ };
+
+ allow-query-cache {
+ /* Use the cache for the "trusted" ACL. */
+ trusted;
+ };
+
+ allow-recursion {
+ /* Only trusted addresses are allowed to use recursion. */
+ trusted;
+ };
+
+ allow-transfer {
+ /* Zone tranfers are denied by default. */
+ none;
+ };
+
+ allow-update {
+ /* Don't allow updates, e.g. via nsupdate. */
+ none;
+ };
+
+ /*
+ * If you've got a DNS server around at your upstream provider, enter its
+ * IP address here, and enable the line below. This will make you benefit
+ * from its cache, thus reduce overall DNS traffic in the Internet.
+ *
+ * Uncomment the following lines to turn on DNS forwarding, and change
+ * and/or update the forwarding ip address(es):
+ */
+/*
+ forward first;
+ forwarders {
+ // 123.123.123.123; // Your ISP NS
+ // 124.124.124.124; // Your ISP NS
+ // 4.2.2.1; // Level3 Public DNS
+ // 4.2.2.2; // Level3 Public DNS
+ 8.8.8.8; // Google Open DNS
+ 8.8.4.4; // Google Open DNS
+ };
+
+*/
+
+ dnssec-enable yes;
+ //dnssec-validation yes;
+
+ /*
+ * As of bind 9.8.0:
+ * "If the root key provided has expired,
+ * named will log the expiration and validation will not work."
+ */
+ dnssec-validation auto;
+
+ /* if you have problems and are behind a firewall: */
+ //query-source address * port 53;
+};
+
+/*
+logging {
+ channel default_log {
+ file "/var/log/named/named.log" versions 5 size 50M;
+ print-time yes;
+ print-severity yes;
+ print-category yes;
+ };
+
+ category default { default_log; };
+ category general { default_log; };
+};
+*/
+
+include "/etc/bind/rndc.key";
+controls {
+ inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; };
+};
+
+zone "." in {
+ type hint;
+ file "/var/bind/named.cache";
+};
+
+zone "localhost" IN {
+ type master;
+ file "pri/localhost.zone";
+ notify no;
+};
+
+/*
+ * Briefly, a zone which has been declared delegation-only will be effectively
+ * limited to containing NS RRs for subdomains, but no actual data beyond its
+ * own apex (for example, its SOA RR and apex NS RRset). This can be used to
+ * filter out "wildcard" or "synthesized" data from NAT boxes or from
+ * authoritative name servers whose undelegated (in-zone) data is of no
+ * interest.
+ * See http://www.isc.org/software/bind/delegation-only for more info + */ + +//zone "COM" { type delegation-only; }; +//zone "NET" { type delegation-only; }; + +//zone "YOUR-DOMAIN.TLD" { +// type master; +// file "/var/bind/pri/YOUR-DOMAIN.TLD.zone"; +// allow-query { any; }; +// allow-transfer { xfer; }; +//}; + +//zone "YOUR-SLAVE.TLD" { +// type slave; +// file "/var/bind/sec/YOUR-SLAVE.TLD.zone"; +// masters { ; }; + + /* Anybody is allowed to query but transfer should be controlled by the master. */ +// allow-query { any; }; +// allow-transfer { none; }; + + /* The master should be the only one who notifies the slaves, shouldn't it? */ +// allow-notify { ; }; +// notify no; +//}; diff --git a/net-dns/bind/files/named.conf-r9 b/net-dns/bind/files/named.conf.auth similarity index 95% rename from net-dns/bind/files/named.conf-r9 rename to net-dns/bind/files/named.conf.auth index 36d8b70..f59b64f 100644 --- a/net-dns/bind/files/named.conf-r9 +++ b/net-dns/bind/files/named.conf.auth @@ -3,7 +3,7 @@ //}; options { - directory "/var/bind"; + directory "/var/cache/bind"; pid-file "/run/named/named.pid"; listen-on { 127.0.0.1; }; diff --git a/net-dns/bind/files/named.confd-r8 b/net-dns/bind/files/named.confd-r8 index b3f918c..2d2ef4b 100644 --- a/net-dns/bind/files/named.confd-r8 +++ b/net-dns/bind/files/named.confd-r8 
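Review bot: `dnssec-enable yes;` in the `options` block is, as far as I know, no longer accepted by BIND 9.18, so `named-checkconf` would reject this file and the init script's `checkconfig` would then refuse to start named; drop that line and keep `dnssec-validation auto;`. The `zone "."` hint stanza pointing at `/var/bind/named.cache` also sits oddly with the upgrade message added to the ebuild in this patch, which tells users to remove named.cache references. Whether this is the file the ebuild installs as named.conf is not visible here, so both points need checking against the install phase.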
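Review bot: `directory "/var/cache/bind";` in named.conf.auth moves the working directory to a path that nothing else in this patch sets up: `pkg_config`, `check_chroot` and the bind mounts in `start()` deal only in `/var/bind`. With `CHROOT` set, named would presumably fail to change into that directory inside the jail. Either keep `/var/bind` here or add `/var/cache/bind` to the chroot creation, the consistency check and the mount list.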
@@ -9,6 +9,28 @@ NAMED_CONF="/etc/bind/named.conf" # Leave this unchanged if you want bind to automatically detect the number #CPU="1" +# If you wish to run bind in a chroot: +# 1) un-comment the CHROOT= assignment, below. You may use +# a different chroot directory but MAKE SURE it's empty. +# 2) run: emerge --config = +# +#CHROOT="/chroot/dns" + +# Uncomment to enable binmount of /usr/share/GeoIP +#CHROOT_GEOIP="1" + +# Uncomment the line below to avoid that the init script mounts the needed paths +# into the chroot directory. +# You have to copy all needed config files by hand if you say CHROOT_NOMOUNT="1". +#CHROOT_NOMOUNT="1" + +# Uncomment this option if you have setup your own chroot environment and you +# don't want/need the chroot consistency check +#CHROOT_NOCHECK=1 + +# Default pid file location +# use named.conf to specify pid-file location + # Scheduling priority: 19 is the lowest and -20 is the highest. # Default: 0 #NAMED_NICELEVEL="0" diff --git a/net-dns/bind/files/named.init-r15 b/net-dns/bind/files/named.init-r15 index ad4dad7..bdee10c 100644 --- a/net-dns/bind/files/named.init-r15 +++ b/net-dns/bind/files/named.init-r15 
@@ -11,13 +11,83 @@ depend() { provide dns } -NAMED_CONF=${NAMED_CONF:-/etc/bind/named.conf} +NAMED_CONF=${NAMED_CONF:-${CHROOT}/etc/bind/named.conf} + +OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0} +MOUNT_CHECK_TIMEOUT=${MOUNT_CHECK_TIMEOUT:-60} + +_mount() { + local from + local to + local opts + local ret=0 + + if [ "${#}" -lt 3 ]; then + eerror "_mount(): to few arguments" + return 1 + fi + + from=$1 + to=$2 + shift 2 + + opts="${*}" + shift $# + + if [ -z "$(awk "\$2 == \"${to}\" { print \$2 }" /proc/mounts)" ]; then + einfo "mounting ${from} to ${to}" + mount ${from} ${to} ${opts} + ret=$? + + eend $ret + return $ret + fi + + return 0 +} + +_umount() { + local dir=$1 + local ret=0 + + if [ -n "$(awk "\$2 == \"${dir}\" { print \$2 }" /proc/mounts)" ]; then + ebegin "umounting ${dir}" + umount ${dir} + ret=$? + + eend $ret + return $ret + fi + + return 0 +} _get_pidfile() { # as suggested in bug #107724, bug 335398#c17 - [ -n "${PIDFILE}" ] || PIDFILE=$(\ - /usr/bin/named-checkconf -p ${NAMED_CONF} | grep 'pid-file' | cut -d\" -f2) - [ -z "${PIDFILE}" ] && PIDFILE="/run/named/named.pid" + [ -n "${PIDFILE}" ] || PIDFILE=${CHROOT}$(\ + /usr/sbin/named-checkconf -p ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}} | grep 'pid-file' | cut -d\" -f2) + [ -z "${PIDFILE}" ] && PIDFILE=${CHROOT}/run/named/named.pid +} + +check_chroot() { + if [ -n "${CHROOT}" ]; then + [ ! -d "${CHROOT}" ] && return 1 + [ ! -d "${CHROOT}/dev" ] || [ ! -d "${CHROOT}/etc" ] || [ ! -d "${CHROOT}/var" ] && return 1 + [ ! -d "${CHROOT}/run" ] || [ ! -d "${CHROOT}/var/log" ] && return 1 + [ ! -d "${CHROOT}/etc/bind" ] || [ ! -d "${CHROOT}/var/bind" ] && return 1 + [ ! -d "${CHROOT}/var/log/named" ] && return 1 + [ ! -c "${CHROOT}/dev/null" ] || [ ! -c "${CHROOT}/dev/zero" ] && return 1 + [ "${CHROOT_GEOIP:-0}" -eq 1 ] && [ ! -d "${CHROOT}/usr/share/GeoIP" ] && return 1 + if [ ${OPENSSL_LIBGOST:-0} -eq 1 ]; then + if [ -d "/usr/lib64" ]; then + [ ! 
-d "${CHROOT}/usr/lib64/engines" ] && return 1 + elif [ -d "/usr/lib" ]; then + [ ! -d "${CHROOT}/usr/lib/engines" ] && return 1 + fi + fi + fi + + return 0 } checkconfig() { 
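Review bot: `_mount` and `_umount` build their awk program by pasting the path into the script text (`awk "\$2 == \"${to}\" { print \$2 }"`), so a path containing a quote or backslash alters the program instead of being compared as data; pass it as a variable, `awk -v to="${to}" '$2 == to { print $2 }' /proc/mounts`, and likewise `-v dir="${dir}"` in `_umount`. The `mount ${from} ${to} ${opts}` and `umount ${dir}` calls also leave the paths unquoted; only `opts` needs the word splitting. `_get_pidfile` here, and `checkconfig`/`checkzones` in the next hunk, now call `/usr/sbin/named-checkconf` where the removed lines used `/usr/bin/named-checkconf`, so it is worth confirming which path the 9.18 package actually installs. The message `"_mount(): to few arguments"` should read `too few`.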
@@ -27,23 +97,65 @@ checkconfig() { eerror "No ${NAMED_CONF} file exists!" return 1 fi - /usr/bin/named-checkconf ${NAMED_CONF} || { + + /usr/sbin/named-checkconf ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}} || { eerror "named-checkconf failed! Please fix your config first." return 1 } + eend 0 + return 0 } checkzones() { ebegin "Checking named configuration and zones" - /usr/bin/named-checkconf -z ${NAMED_CONF} + /usr/sbin/named-checkconf -z -j ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}} eend $? } start() { local piddir - ebegin "Starting named" + ebegin "Starting ${CHROOT:+chrooted }named" + + if [ -n "${CHROOT}" ]; then + if [ ${CHROOT_NOCHECK:-0} -eq 0 ]; then + check_chroot || { + eend 1 + eerror "Your chroot dir ${CHROOT} is inconsistent, please run 'emerge --config net-dns/bind' first" + return 1 + } + fi + + if [ ${OPENSSL_LIBGOST:-0} -eq 1 ]; then + if [ ! -e /usr/lib/engines/libgost.so ]; then + eend 1 + eerror "Couldn't find /usr/lib/engines/libgost.so but bind has been built with openssl and libgost support" + return 1 + fi + cp -Lp /usr/lib/engines/libgost.so "${CHROOT}/usr/lib/engines/libgost.so" || { + eend 1 + eerror "Couldn't copy /usr/lib/engines/libgost.so into '${CHROOT}/usr/lib/engines/'" + return 1 + } + fi + cp -Lp /etc/localtime "${CHROOT}/etc/localtime" + + if [ "${CHROOT_NOMOUNT:-0}" -eq 0 ]; then + einfo "Mounting chroot dirs" + _mount /etc/bind ${CHROOT}/etc/bind -o bind + _mount /var/bind ${CHROOT}/var/bind -o bind + _mount /var/log/named ${CHROOT}/var/log/named -o bind + if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then + _mount /usr/share/GeoIP ${CHROOT}/usr/share/GeoIP -o bind + fi + fi + + # On initial startup, if piddir inside the chroot /var/run/named + # Then the .../var/run part might not exist yet + checkpath -q -d -o root:root -m 0755 "${piddir}/.." + fi + checkconfig || { eend 1; return 1; } # create piddir (usually /run/named) if necessary, bug 334535 
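Review bot: `checkpath -q -d -o root:root -m 0755 "${piddir}/.."` runs while `piddir` is still empty: it is only declared by `local piddir` at the top of `start()`, and the code that fills it appears to follow `checkconfig`, below this hunk. The argument therefore expands to `/..`, so the ownership and mode are applied to the root directory rather than the chroot's run directory; move the call after `piddir` is assigned or name the directory directly, e.g. `"${CHROOT}/run"`. The `_mount` calls and `cp -Lp /etc/localtime` ignore failure, so a failed bind mount of `/var/bind` or `/var/log/named` goes unnoticed; `_mount /var/bind "${CHROOT}/var/bind" -o bind || { eend 1; return 1; }` would stop early. The libgost copy hard-codes `/usr/lib/engines`, while `check_chroot` tests `usr/lib64/engines` on lib64 systems.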
@@ -63,16 +175,56 @@ start() { start-stop-daemon --start --pidfile ${PIDFILE} \ --nicelevel ${NAMED_NICELEVEL:-0} \ --exec /usr/sbin/named \ - -- -u named -c ${NAMED_CONF} ${CPU} ${OPTIONS} + -- -u named ${CPU} ${OPTIONS} ${CHROOT:+-t} ${CHROOT} eend $? } stop() { - ebegin "Stopping named" + local reported=0 + + ebegin "Stopping ${CHROOT:+chrooted }named" + + # Workaround for now, until openrc's restart has been fixed. + # openrc doesn't care about a restart() function in init scripts. + if [ "${RC_CMD}" = "restart" ]; then + if [ -n "${CHROOT}" -a ${CHROOT_NOCHECK:-0} -eq 0 ]; then + check_chroot || { + eend 1 + eerror "Your chroot dir ${CHROOT} is inconsistent, please run 'emerge --config net-dns/bind' first" + return 1 + } + fi + + checkconfig || { eend 1; return 1; } + fi + # -R 10, bug 335398 _get_pidfile start-stop-daemon --stop --retry 10 --pidfile $PIDFILE \ --exec /usr/sbin/named + + if [ -n "${CHROOT}" ] && [ "${CHROOT_NOMOUNT:-0}" -eq 0 ]; then + ebegin "Umounting chroot dirs" + + # just to be sure everything gets clean + while fuser -s ${CHROOT} 2>/dev/null; do + if [ "${reported}" -eq 0 ]; then + einfo "Waiting until all named processes are stopped (max. ${MOUNT_CHECK_TIMEOUT} seconds)" + elif [ "${reported}" -eq "${MOUNT_CHECK_TIMEOUT}" ]; then + eerror "Waiting until all named processes are stopped failed!" + eend 1 + break + fi + sleep 1 + reported=$((reported+1)) + done + + [ "${CHROOT_GEOIP:-0}" -eq 1 ] && _umount ${CHROOT}/usr/share/GeoIP + _umount ${CHROOT}/etc/bind + _umount ${CHROOT}/var/log/named + _umount ${CHROOT}/var/bind + fi + eend $? } diff --git a/net-dns/bind/metadata.xml b/net-dns/bind/metadata.xml index aa2583b..31dfc13 100644 --- a/net-dns/bind/metadata.xml +++ b/net-dns/bind/metadata.xml @@ -16,4 +16,4 @@ Enable JSON statistics channel Enable LMDB support to store configuration for 'addzone' zones - + \ No newline at end of file
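Review bot: The new `start-stop-daemon` arguments drop `-c ${NAMED_CONF}`, so named loads its built-in default config path while `checkconfig` validated `${NAMED_CONF}`; with a non-default `NAMED_CONF` in conf.d, the file that was checked is not the file that runs. Keep the option, relative to the chroot: `-- -u named -c "${NAMED_CONF#${CHROOT}}" ${CPU} ${OPTIONS} ${CHROOT:+-t} ${CHROOT}`. In `stop()`, the closing `eend $?` reports the status of the last `_umount` rather than of `start-stop-daemon --stop`, and when the `fuser` wait times out the loop breaks and the unmounts are attempted anyway. Saving the stop status in a local right after `start-stop-daemon` and passing that to `eend` would keep a failed stop visible.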